Enterprise Segment Unprepared For Rising Cyber Threats

Latin America is something of a laggard in adopting new, transformative digital technologies that can help drive economic diversification. Although IT spending in general is forecast to be robust and centred around server and datacentre upgrades, we expect businesses to be slow to adopt digital protection despite the growing threat of cybercrime. This is a major risk to the region's economies, particularly those dependent on large multinational corporations as well as those hoping to see more local businesses take to the global stage.

Recent large-scale cyberattacks such as WannaCry and Petya/NotPetya emphasise the ease and rapidity with which relatively uncomplicated viruses can spread across unprotected, connected networks. Latin America will increasingly come to be seen as a lucrative target for ransomware operators, given the growing proliferation of large, cash-rich organisations, not only those in the hydrocarbons and commodities sectors but also those in the financial services and media industries. These are businesses that can ill afford to have key systems deactivated even for short periods of time and which would be prepared to pay to have compromised systems restored.

Latin America: Cybersecurity Adoption Drivers

Drivers

Increased targeting of enterprises and government agencies by cyberattackers.

Increased state involvement in cybersecurity policies through compliance and regulatory requirement directives.

Region-wide expansion of smart city and digital infrastructure projects,

Inhibitors

High cost of cybersecurity investment beyond the means of most small and medium-sized businesses.

SMEs' lack of incentive to invest while cyberattacks focus mainly on large businesses.

Wide availability of unsecure pirated software and continued reliance on old, unprotected devices.

Source: BMI

Opportunities

Rising adoption of cloud-based services and applications means that cybersecurity can be bundled in by service providers and not left to end-users.

Proliferation of smart city projects will lead to an accelerated device replacement cycle.

Challenges

Shortage of cybersecurity professionals.

Consumers and SMEs will continue to suffer a lack of awareness of the sophistication of cyber threats.

Anything that can be connected can be hacked.

Latin American healthcare, social services, education, transportation and power provision tend to be run by state or municipal governments, agencies that lack the financial resources to invest in cybersecurity or the technical expertise to maintain and continually upgrade digital assets. In many ways, these are the least secure elements of a country's digital ecosystem and it is here that investment is most needed.

Although government agencies are potential targets, it is not so much the case that they will be targeted for political reasons. While political risk in the region is high, owing to civil unrest in tightly-controlled markets such as Venezuela and Bolivia and corruption scandals unfolding in markets such as Brazil, there are few reasons for one state to use cyberweapons against other. This is in stark contrast to the nature of the cyberthreat in the Middle East, Eastern Europe and parts of Asia, where state-sponsored cyberterrorism is rife.

That said, in late July 2017, the US' Central Intelligence Agency (CIA) openly admitted it was working with partners in Colombia and Mexico to influence popular unrest in Venezuela and unseat president Nicolas Maduro (a statement quickly refuted by the Colombian and Mexican governments).

Consumers are potential targets, but the region's dependence on good enough, disposable technology and physical rather than digital goods means that efforts to target this group would not yield significant returns. The focus in Latin America, then, will be at the enterprise level, where insufficient investment in anti-virus software for devices such as desktop and laptop computers as well as more portable devices such as smartphones and tablets could amplify the effect of a determined cyberattack.

Microsoft's Windows is the most widely used operating system for desktop computers in Latin America and slow PC replacement rates suggest that older Windows devices will remain in use long after security support ceases to be provided. The recent WannaCry attack exploited weaknesses in older Windows XP devices and the relatively high penetration rate of XP-powered devices, as measured by Statcounter, shows that markets such as Argentina, Bolivia, Paraguay, Uruguay and Venezuela are potentially the most vulnerable.

Desktop Windows Versions Market Shares (%), June 2017

Win7

Win10

Win8x

WinXP

Others

Source: Statcounter

Argentina

50.8

26.8

12.5

9.2

0.7

Bolivia

51.7

26.6

15.9

5.5

0.3

Brazil

47.1

39.1

11.5

2.1

0.2

Chile

39.8

42.3

14.5

3.1

0.3

Colombia

42.0

38.9

16.7

1.8

0.6

El Salvador

43.5

38.0

15.2

2.9

0.4

Mexico

41.4

38.9

16.6

2.7

0.4

Nicaragua

45.8

34.3

17.4

2.2

0.3

Paraguay

49.0

33.5

13.2

4.0

0.3

Peru

46.7

29.1

20.3

3.7

0.2

Uruguay

45.4

35.3

12.6

6.1

0.6

Venezuela

58.8

22.9

8.1

9.1

1.1

Windows 10 migration is underway, but it will still be several years before the older Windows 7 and 8 platforms are superseded. The high penetration of Windows 7 represents the next most tangible threat as Microsoft prepares to end mainstream support for the product at the start of 2020.

Consumer and enterprise apathy is a key challenge with regard to improving cybersecurity in the Latin American region, but clearer government policy, regulations and incentives can help mitigate the problem. Countries such as Chile and Brazil have been implementing cybersecurity regulations and best-practice guidelines alongside encouraging global firms to establish large datacentres within their borders, but little effort has been made to reach out to smaller businesses and investment shortfalls are often reported by municipal governments. Relatively few announcements regarding cybersecurity policy and regulatory frameworks have been made in the region in the last 12 months, in stark contrast to developments in Asia and the Middle East. This suggests that cybersecurity in Latin America is at a very early stage of development, a prospect that will appeal to established and start-up cybersecurity vendors alike.

Start-ups Darktrace and ZeroFOX have announced plans to target sales of their security products in Latin America in 2017/18, while well established player Kaspersky has targeted the region as part of its global expansion drive through the use of freemium 'basic' antivirus tools. In February 2017, Microsoft launched its new Cybersecurity Engagement Sector in Mexico as part of a drive to sell cybersecurity services to public sector organisations across Latin America.

Much more will need to be done to mitigate IT security threats as the Latin American region increasingly embraces digital, connected services. Greater connectivity means more unsecured devices will be added to the mix. Investments in IT modernisation should be accompanied by investments in cybersecurity, we believe, and should be far greater than the USD39bn leading vendors forecast to be spent in the region by 2022.